| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Apr 2016 01:02:24 +0200 From: Ben Hutchings <ben@...adent.org.uk> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org CC: akpm@...ux-foundation.org, "Takashi Iwai" <tiwai@...e.de> Subject: [PATCH 3.2 036/115] ALSA: usb-audio: Add sanity checks for endpoint accesses 3.2.80-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Takashi Iwai <tiwai@...e.de> commit 447d6275f0c21f6cc97a88b3a0c601436a4cdf2a upstream. Add some sanity check codes before actually accessing the endpoint via get_endpoint() in order to avoid the invalid access through a malformed USB descriptor. Mostly just checking bNumEndpoints, but in one place (snd_microii_spdif_default_get()), the validity of iface and altsetting index is checked as well. Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125 Signed-off-by: Takashi Iwai <tiwai@...e.de> [bwh: Backported to 3.2: drop changes to code we don't have] Signed-off-by: Ben Hutchings <ben@...adent.org.uk> --- --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -211,6 +211,8 @@ static int set_sample_rate_v1(struct snd unsigned char data[3]; int err, crate; + if (get_iface_desc(alts)->bNumEndpoints < 1) + return -EINVAL; ep = get_endpoint(alts, 0)->bEndpointAddress; /* if endpoint doesn't have sampling rate control, bail out */ --- a/sound/usb/pcm.c +++ b/sound/usb/pcm.c @@ -148,6 +148,8 @@ static int init_pitch_v1(struct snd_usb_ unsigned char data[1]; int err; + if (get_iface_desc(alts)->bNumEndpoints < 1) + return -EINVAL; ep = get_endpoint(alts, 0)->bEndpointAddress; data[0] = 1;
Powered by blists - more mailing lists